7 Security Predictions for 2014 from Booz Allen Hamilton

The consulting group previewed some of the important trends in cyber security that banks need to keep their eye on in 2014.

The sophisticated cyber attacks that banks experienced in 2013 will continue into 2014, Booz Allen Hamilton, a management consulting firm, said in its cyber security predictions for 2014.

Board members and executives have seen the threat landscape evolve with the high-profile DDoS attacks this past year, turning cyber security into a bigger concern for all banks, the company said in a statement outlining the predictions, which was released this week.

“Our conversations with clients have significantly evolved from a focus on threats and capabilities to creating a balanced and holistic cyber security program that responds to an institution’s critical business risks,” Bill Stewart, Booz Allen’s senior vice president and head of commercial finance, explained in the statement.

Here are the consultancy’s top trends to watch in cyber security in 2014:

1. Making threat intelligence useful - Big banks have a great deal of data, but sifting through it all to find actionable intelligence and making use of it will be a big challenge next year. Threat intelligence will need to be joined with incident response, fraud and other areas.

3. Emerging countries will experience more cyber attacks on banks - The growing wealth of emerging markets will make fraudsters take notice of the new and lucrative opportunities for them there. Countries in Latin America, the Middle East and Asia that are quickly modernizing their technology infrastructures will become more enticing targets for cyber criminals.

4. Attacks will spread to smaller institutions - Mid-tier and regional banks, wealth management firms and hedge funds don’t have the sophisticated cyber security systems and large teams of experts that bigger institutions have. Attackers will begin to shift their efforts to these easier targets over the next year.

5. New strategies for dealing with insider threats - Banks will start to develop new strategies that involve different teams across the organization to improve awareness of cyber security threats and how employees need to respond to them to help deal with social engineering attacks and other such threats.

6. Dealing with challenges created by the NIST framework - The NIST cyber security framework will make private sector businesses liable for data destroyed or stolen in breaches. This will open the window for a growing insurance industry in the area of cyber attacks to help banks manage that liability, according to Booz Allen.

7. New needs around data security - More data will be moving to the cloud in the next year, which will require new security controls over the sharing of data. This will provide an opportunity for banks to improve their security architecture and integrate new controls. This will further the use of analytics in cyber security to deal with the volumes of data.

Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ...

And as far as realism goes, I hardly remember a word problem that sounded feasible. As I recall, few people buy that many bananas and apples in a single trip to the grocery store. And nobody should eat that many candy bars.

OK, I got this. Peter earns 50% less per hack, and Sally has hacked 2 banks for $18,000. That means she earns $9,000 per hack (making the wild assumption that she somehow earns equal $$$ per hack). That means Peter earns $4,500 per hack. And he has conducted 6X as many hacks as Sally, so he's done 12 hacks. 12 hacks X $4,500 = $54,000. Who says crime doesn't pay?

Smaller banking institutions, wealth managers and hedge funds may not have the resources to hire in-house cyber security experts. That's where consulting firms can come in to educate them. Insider training (as opposed to trading) is another method of protecting a firm from employees clicking on fraudulent emails. It sounds like banks and other FS firms have tons of intelligence data on cyber threats, and the issue is taking the time and resources to analyze it and extract meaning.

Definitely agree with that. I'm used to weeding out spam on my laptop, but it's harder when that info has to be condensed to fit on a mobile screen. I'm guilty of opening emails I think are from real people, but didn't realize they were spam because I couldn't read the subject line or part of the email's content.

#2 Mobile threats: great point about holiday shopping. Mobile is definitely the next frontier of consumer spamming, and it's difficult for a consumer to respond. One bad e-mail or unsecured page on a web browser and it can be all over.

On that note, from a consumer standpoint, I think sometimes when you see a spam e-mail on a computer it's easier to identify than on a mobile device. On a full screen I find you get a better sense of the headline or e-mail address being suspicious, but on a phone screen those clues are cut off. For example I might receive an e-mail titled the "Pottery Barn H0lid@y S-+Sale-+*@#", but on my mobile all I see is Pottery Barn... (does that make sense?).